package net.zoneland.zrdp.web.impl;

import javax.servlet.http.HttpServletRequest;

import com.alibaba.druid.support.http.DruidWebSecurityProvider;

import net.zoneland.springboot.config.SharedAppConfig;
import net.zoneland.zrdp.common.core.domain.model.LoginUser;
import net.zoneland.zrdp.framework.web.service.TokenService;

/**
 * 需要中实现配置在META-INF/services/com.alibaba.druid.support.http.DruidWebSecurityProvider.
 */
public class DruidWebSecurityProviderImpl implements DruidWebSecurityProvider {


    private TokenService tokenService;

    private LoginUser getLoginUser(final HttpServletRequest request) {
        return getTokenService().getLoginUser(request, false);
    }

    private TokenService getTokenService() {
        if (tokenService == null) { //此特为解决初台化循环依赖问题,特意不用@Autowired
            tokenService = SharedAppConfig.getBean(TokenService.class);
        }
        return tokenService;
    }

    @Override
    public boolean isNotPermit(final HttpServletRequest request) {
        final LoginUser loginUser = getLoginUser(request);
        return loginUser == null || !loginUser.getUser().isAdmin();
    }

}
